Out of the blue, my IE7 browser started acting like it was hijacked. My Google or Bing results would redirect to these low quality, weird URL sites. I ran Malwarebytes Anti-Malware (MBAM), SUPERAntiSpyware (SAS), as well as MS Security Essentials, until all the logs came back clean. It took several iterations, but both MBAM and SAS now return clean results. I ran HJT as well, and then stumbled upon your site, and wanted to get some assistance in making sure there are no other issues. Here are my 2 logs, DDS and Attach. I would really appreciate someone taking a look.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Spyware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.

Hi wherbjr35 and welcome to Spyware Warrior Forum.

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Remember, absence of symptoms does not mean the infection is all gone.

Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.

Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)

If you're using Vista or Windows 7, it will be necessary to right-click all tools we use and select ----> Run as Administrator

Quote:

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
_________________
Graduate of Malware Removal University - You too could train to help others

Anti-virus/firewall programs take up an enormous amount of your computer's resources when they are actively scanning or protecting your computer. Having multiple anti-virus/firewall programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove any TWO of them now.

Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.

Click on Run Scan at the top left hand corner.

When done, two Notepad files will open.

OTL.txt <-- Will be opened, maximized

Extras.txt <-- Will be minimized on task bar.

Please post the contents of both OTL.txt and Extras.txt files in your next reply.

5. ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

Double-click erunt-setup.exe to run the install process. Install ERUNT by following the prompts.

Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.

Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.

Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.

Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.

Click on OK ... then click on "YES" to create the folder.

Run: This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.

Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.

Click on OK within the pop-up menu.

In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:

System registry.

Current user registry.

Next click on "OK"... at the prompt... reply "Yes".
After a short duration the "Registry backup is complete!" pop-up message will appear.

Now click on "OK". A registry backup has now been created.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

6. I saw you have Microsoft Office Enterprise 2007. Are you using this computer for business?
Note: Many of these types of systems may have specific modifications made, which could be removed or damaged by the tools we use.
These altered systems may also hinder our tools, possibly reducing their effectiveness in removing the malware.

7. Checklist
Please post:

Both OTL and Extras logs

Answer about Business Use computer

Note: These logs can be lengthy, so post 1 log per reply please.

Thanks,
torreattack

Business Use Computer
Unfortunately, we cannot help remove malware from a computer used for business purposes.

Many of these types of systems may have specific modifications made, which could be removed or damaged by the tools we use. These altered systems may also hinder our tools, possibly reducing their effectiveness in removing the malware.
An extract taken from the Spyware Removal rules posted at the top of the Spyware Removal forum:

Gary R wrote:

The Help with spyware removal forum was set up to help private owners of computers, it was not intended that we assist with company owned machines. There may be restrictions and modifications to such machines that could be damaged or altered by the actions we take to remove Malware. There may also be legal issues with such machines that we are not equipped or trained to deal with.

We will close any topic where we believe the computer is one that is used in a business environment, irrespective of whether that business is a large company or a small one man enterprise.

For a corporate or multi-computer business:
I strongly advise that you contact your IT department. Make them aware of the problems you are having. If your computer is infected (possibly others as well), your IT department needs to be aware of this, so they can devise a plan to minimize any business impact.

For a single computer used for business purposes:
I would advise you to contract an individual or firm to deal with any computer problems.

I'm sorry that I am not able to offer you more assistance. Thank you for your understanding in this matter.
I will now ask for this topic to be closed.

Sorry,
torreattack

Seriously dude, rookie or not, it doesn't take a novice to understand....I am on a personal computer that is in no way affiliated with a company or corporation. I am running XP Home, which any noob would know is not being run by any corporation that is worth a darn... this machine is in no way associated with a company, how else can I provide assurance to you? I would provide, via PM, my service tag, if that would relieve your suspicions...Seriously...I have waited patiently, and followed all directions, to the letter...I am really offended that you are choosing to deny assistance to me, based on obviously bad judgement.

My situation is neither of the things you describe in bullets #1 or #2. Any idiot can order Office 2007 Enterprise, so other than that, how have you come to your conclusions? Gary R is a moron who either can't read what I plainly posted, or has some seriously outdated information to believe anything I have posted is proof or evidence that this machine is owned/co-owned/sub-owned, or in ANY way associated with a business. What gives? I expect better from you? Are you even American??